<?php
  $url = urldecode(http_build_query($_GET));
  $url = explode('?', $url)[0];
  $url = explode('&', $url);
  $user = explode('=',$url[0])[1];
  $pass = explode('=',$url[1])[1];
  $link = mysql_connect('localhost', 'root', '');
  if (!$link) {
    die('Not connected : ' . mysql_error());
  }

  // make foo the current FinalProject
  $db_selected = mysql_select_db('FinalProject', $link);
  if (!$db_selected) {
    die ('Can\'t use Final Project: ' . mysql_error());
  }
  
    // Formulate Query
          // This is the best way to perform an SQL query
          // For more examples, see mysql_real_escape_string()
          $query = sprintf("SELECT * FROM `Users` WHERE `Username`='%s' and `Password`='%s'",
              mysql_real_escape_string($user),
              mysql_real_escape_string($pass));

          // Perform Query
          $result = mysql_query($query);

          // Check result
          // This shows the actual query sent to MySQL, and the error. Useful for debugging.
          if (!$result) {
                 $message  = 'Invalid query: '.mysql_error().' ';
                 $message .= 'Whole query: '.$query;
                 die($message);
          }
		  
		   while ($row = mysql_fetch_assoc($result)) {
					  echo '<b>Logging in.....<b>';
                      $usr = $row['Username'];
                      $pass = $row['Password'];
					  $fname = $row['Fname'];
					  $lname = $row['Lname'];
					  $urlvar = $row['urlVars'];
					  setcookie("usr", $usr, time()+3600);
					  setcookie("pass", $pass, time()+3600);
					  setcookie("Fname", $fname, time()+3600);
					  setcookie("Lname", $lname, time()+3600);
					  setcookie("urlVars", $urlvar, time()+3600);
					  header("Location: index.php");
                  }
	echo '<b>NOT A VALID ACCOUNT<b>';

?>